Users
OS | VMWare plugin/Standalone | Installation user | Running user |
---|---|---|---|
Linux / Unix | Standalone | Account specified by operator in UI (ROOT or Sudoers) | Account specified by operator in UI (ROOT or Sudoers) |
Windows | Standalone | Account specified by operator in UI (Admin level) | SYSTEM |
Windows | VMWare plugin | Uses the user that "VMWare tools" application is running as | SYSTEM |
root ALL=(ALL:ALL) ALL
(User details) ALL=(ALL:ALL) NOPASSWD: ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
%root ALL=(ALL:ALL) NOPASSWD:ALL
# See sudoers(5) for more information on "@include" directives:
@includedir /etc/sudoers.d
Note: After adding the above details, reboot the server.
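An added example, not JetPatch's own code: a small Python audit that lists which principals in a sudoers file hold the passwordless, all-commands grant shown above, and which include paths still need the same review. The account name `jetpatch_svc` is a hypothetical stand-in for "(User details)", and the parser assumes one rule per line with tags at the start of the command list.

```python
import re

# Constructed sample: the sudoers lines from this page, with the hypothetical
# account name "jetpatch_svc" standing in for the "(User details)" placeholder.
SAMPLE = '''root ALL=(ALL:ALL) ALL
jetpatch_svc ALL=(ALL:ALL) NOPASSWD: ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
%root ALL=(ALL:ALL) NOPASSWD:ALL
# See sudoers(5) for more information on "@include" directives:
@includedir /etc/sudoers.d
'''

INCLUDE = re.compile(r'^[@#]include(?:dir)?\s+(\S+)')
RULE = re.compile(r'^(\S+)\s+\S+\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$')
TAGS = re.compile(r'^((?:[A-Z_]+:\s*)*)(.*)$')


def audit_sudoers(text):
    """Return (findings, includes) for the text of one sudoers file.
    findings: (line, principal, run-as) per rule granting ALL with NOPASSWD.
    includes: include-directive paths, which need the same review.
    Assumes one rule per line, tags at the start of the command list."""
    findings, includes = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        inc = INCLUDE.match(line)
        if inc:  # "#includedir" is a directive in sudoers, not a comment
            includes.append(inc.group(1))
            continue
        if not line or line.startswith('#'):
            continue
        rule = RULE.match(line)
        if not rule or rule.group(1).startswith('Defaults'):
            continue
        who, runas, rest = rule.groups()
        tags, cmds = TAGS.match(rest).groups()
        commands = [c.strip() for c in cmds.split(',')]
        if 'NOPASSWD:' in tags.replace(' ', '') and 'ALL' in commands:
            findings.append((lineno, who, runas or 'root'))
    return findings, includes


if __name__ == '__main__':
    hits, dirs = audit_sudoers(SAMPLE)
    for lineno, who, runas in hits:
        print(f'line {lineno}: {who} may run ALL as {runas} without a password')
    print('also review:', ', '.join(dirs))
```

To audit a real host, pass the contents of `/etc/sudoers` and of each file under the reported include paths to `audit_sudoers`.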
Installation Permission and Location
Permissions
The JetPatch Connector installation files need read/write/execute permission to the following locations:
Windows
- C:\Windows\Temp
- C:\Program Files\
Linux / Unix
- /tmp
- /var/run
Note: To change the default folder please follow the article
Locations
- Windows: The installation target is configurable. See article
- Linux/Unix: The installation target is configurable. See article
- Windows: C:\Program Files\Intigua\
- Linux/Unix: /usr/local/intigua
Protocols
Communication between JetPatch server and endpoints is based on one of the following three protocols:
Note: The primary protocol is WEB once the connector is installed. If the primary protocol is down, then it will fall back to SSH and SMB, depending on OS.
- From Endpoints to JetPatch -
- From JetPatch to Endpoints -
- SSH (22) - For operations on Linux/Unix (only required if installing the connector on Linux/Unix machines from JetPatch console). The connector can be deployed outside of JetPatch with non-SSH alternatives, see link for details.
- SMB2 (445) - For operations on Windows machines (only required if installing the connector on Windows machines from JetPatch console). The connector can be deployed outside of JetPatch with non-SMB alternatives, see link for details.
These three protocols are used to perform one of the following operations:
- Install Agent
- Uninstall Agent
- Install Patch
- Uninstall Patch
- Run Task (including Workflow tasks)
- Start Agent
- Stop Agent
- Get the status of the connector
- Change connector configuration
- Retrieve connector logs
In addition, these protocols perform scripting and patching operations.
Each of these operations has its own time-out (for example, the time-out for an install operation is 5 minutes). In addition to the operation time-out, each driver (protocol) has its own growing-scale retry mechanism: each failure results in a longer suspension before the next try (for example, a first suspension of 1 second, a second of 2 seconds, a third of 4 seconds, and so on up to 1 minute).
Connector Files and Processes
By default, JetPatch connector and managed agent files are stored in the following locations on endpoints:
OS | Parent Directory | Intigua subdirectory | Managed agent subdirectory |
---|---|---|---|
Windows | %Program_Files%\Intigua\ | vAgentManager (delayed start) | Intigua-Libs |
Linux/Unix | /usr/local/intigua/ | | |
The Parent Directory is configurable in connector management services.
The following services, links and processes exist on endpoints:
OS | Service / Link | Intigua / Process | Intigua Wrapper | Helper | Method |
---|---|---|---|---|---|
Windows | Service: vAgentManager | Intigua vlinkprocess jetpatch_enduser_app | vlinkservice | vagent_manager<32\|64>.exe (Kernel-mode agents only) | DLL injection |
Linux/Unix | Symbolic link: S30vlink, in /etc/rc5.d | vlink | | | LD_PRELOAD injection |